Fraud Prevention

Realtime fraud prevention API to detect suspicious activity

Payment Page

Add the javascript to the head section of your payment page

<script src="https://fd.sla-alacrity.com/d513e9e03227.js"></script>

You then need to retrieve a token that is associated with this visitor and checkout. You do this by calling Detector(ids, partner, service) once the page has loaded.

Parameter

Description

Example

ids

The HTML id's of your payment form, confirmation button, and cancel button

form: 'purchase_form'
confirm_button: 'form_submit_btn'
cancel_button: 'form_cancel_btn'

partner

Your Alacrity partner URI

partner:h7j9w4n8-97a4-4eb7-9ec1-4333131805cb

service

Your Alacrity service URI

campaign:2a73f22ed63c1f8e40925632b7n10w6fed611779

Our javascript will insert an HTML element with the id fraudDetectorIsLoaded so that you can check that everything has loaded before submitting your form. Once loaded our javascript will also add a hidden input to your form with the name token and the value equal to the returned token.

Below is a full example using vanilla javascript of initialising the Detector, adding a listener to your form, checking that fraudDetectorIsLoaded, and then submitting your form (with the hidden token field).

window.onload = function () {
    var ids = {
      form: 'purchase_form',
      confirm_button: 'form_submit_btn',
      cancel_button: 'form_cancel_btn'
    };
    var partner = 'partner:h7j9w4n8-97a4-4eb7-9ec1-4333131805cb';
    var service = 'campaign:2a73f22ed63c1f8e40925632b7n10w6fed611779';

    const detector = new Detector(ids, partner, service);
    detector.setup();

    var form = document.getElementById(ids['form']);
    form.addEventListener("submit", function(e) {
      e.preventDefault();

      function fraudDetectorLoaded() {
        var loaded = document.getElementById('fraudDetectorIsLoaded');
        if (loaded && loaded.value === 'yes') {
          form.submit();
        } else if ('requestIdleCallback' in window) {
          requestIdleCallback(fraudDetectorLoaded);
        } else {
          setTimeout(fraudDetectorLoaded, 100);
        }
      }
      fraudDetectorLoaded();
    });
  }

Check Transaction API

Once the user has submitted your payment form you need to check the token with our Check Transaction API. This API will check the token and return whether the user/purchase is valid or not.

HTTP Request

POST /v1/check_transaction?token={token}

Sample Request

POST /v1/check_transaction?
token=2e056a61-18d0-41c7-93d1-94f07bf9cf0a
Host: fd.sla-alacrity.com
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Accept: application/json
curl -X POST \
https://fd.sla-alacrity.com/v1/check_transaction?token=2e056a61-18d0-41c7-93d1-94f07bf9cf0a \
--header 'Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='

Parameter

Description

Example

token

This is the token that is added as a hidden input field on your payment form and is submitted along with your form with the parameter name token

2e056a61-18d0-41c7-93d1-94f07bf9cf0a

Response

The response is returned as JSON and also uses HTTP status codes. When the status code is 200 the response will contain the key is_vaild which is a boolean and indicates whether or not the transaction is valid and the purchase should be allowed.

{
  "is_vaild": true
}
200

If a transaction is blocked for being suspicious is_valid will be false and there will be a reason returned.

{
  "is_valid": false,
  "reason": "BOT_ACTIVITY"
}
200

It's also possible to receive other errors via the HTTP status codes such as 400, 401, and 404. In this case there will be a JSON response returned in the body with the key message.

{
  "message": "auth error: invalid credentials"
}
401

Unless you receive a HTTP status of 200 and is_valid is true the purchase should not be allowed to continue.